<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: ashishb</title><link>https://news.ycombinator.com/user?id=ashishb</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Thu, 16 Jul 2026 06:50:23 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=ashishb" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by ashishb in "The Second Life of Sanskrit"]]></title><description><![CDATA[
<p>> Are you actually claiming English isn't a mother tongue to anyone?<p>I gave a specific example where neither the coffee wholesaler nor the buyer probably operates day to day in English. But they would still use English for the official agreement.<p>That does not take away from other benefits of English like being spoken by millions as a primary language and probably billions as a second language</p>
]]></description><pubDate>Wed, 15 Jul 2026 18:40:48 +0000</pubDate><link>https://news.ycombinator.com/item?id=48925274</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48925274</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48925274</guid></item><item><title><![CDATA[New comment by ashishb in "The Second Life of Sanskrit"]]></title><description><![CDATA[
<p>> Sanskrit was widely spoken and understood just like Latin or Avestan, in its heyday. Otherwise it wouldn’t be part of the liturgical traditions of Buddhism, Jainism and Nastika traditions.<p>I think, and it is just my speculation, that for most of Indian History, Sanskrit was the link language.<p>Just like "Latin" in the USA and Europe of the early 17th and 18th centuries, when all academic instructions were carried out in Latin!<p>So, nobody used Sanskrit as the primary language, but everyone could or knew someone who could convert Sanskrit to the local dialect.<p>It is almost like how Chinese and Colombian traders might sign a contract for coffee purchase in English. Neither might use English in most of their daily operations.</p>
]]></description><pubDate>Tue, 14 Jul 2026 22:12:12 +0000</pubDate><link>https://news.ycombinator.com/item?id=48913571</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48913571</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48913571</guid></item><item><title><![CDATA[New comment by ashishb in "The Second Life of Sanskrit"]]></title><description><![CDATA[
<p>> What about Prakrit and Punjabi?<p>There is no official "Prakrit", by definition of the term itself.
"Prakrit" just means "natural" and the way I understand it, was the term for all colloquial dialects/languages across India.<p>"Sanskrit", on the other hand, meant "cultured" and its grammar, at least for the last 2500 years, is strictly defined by Panini (<a href="https://en.wikipedia.org/wiki/A%E1%B9%A3%E1%B9%AD%C4%81dhy%C4%81y%C4%AB" rel="nofollow">https://en.wikipedia.org/wiki/A%E1%B9%A3%E1%B9%AD%C4%81dhy%C...</a>)</p>
]]></description><pubDate>Tue, 14 Jul 2026 22:10:02 +0000</pubDate><link>https://news.ycombinator.com/item?id=48913550</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48913550</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48913550</guid></item><item><title><![CDATA[New comment by ashishb in "The Second Life of Sanskrit"]]></title><description><![CDATA[
<p>Fun fact: the famous "Sentosa" island in Singapore is a spelling variation of the same word.</p>
]]></description><pubDate>Tue, 14 Jul 2026 22:05:11 +0000</pubDate><link>https://news.ycombinator.com/item?id=48913505</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48913505</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48913505</guid></item><item><title><![CDATA[New comment by ashishb in "Zig Creator Calls Spade a Spade, Anthropic Blows Smoke"]]></title><description><![CDATA[
<p>I think most organizations don't want to increase their Java usage.<p>And the reason is not technical. 
Technically, it is a great language.<p>Legally, it feels risky to most.</p>
]]></description><pubDate>Mon, 13 Jul 2026 15:55:20 +0000</pubDate><link>https://news.ycombinator.com/item?id=48894614</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48894614</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48894614</guid></item><item><title><![CDATA[New comment by ashishb in "Zig Creator Calls Spade a Spade, Anthropic Blows Smoke"]]></title><description><![CDATA[
<p>Languages do matter.<p>And I think the only sensible backend languages when starting a new for-profit project is Python, Go, and Rust for 99% use-cases.<p>In other cases, third-party packages, tooling, integrations, and telemetry starts to suffer.</p>
]]></description><pubDate>Mon, 13 Jul 2026 09:21:59 +0000</pubDate><link>https://news.ycombinator.com/item?id=48889937</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48889937</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48889937</guid></item><item><title><![CDATA[New comment by ashishb in "What xAI's Grok build CLI sends to xAI: A wire-level analysis"]]></title><description><![CDATA[
<p>> Because I'm confident nothing will happen if it does<p>Well, best of luck.<p>1. Amazon has shipped backdoored packages - <a href="https://aws.amazon.com/security/security-bulletins/AWS-2025-015/" rel="nofollow">https://aws.amazon.com/security/security-bulletins/AWS-2025-...</a>
2. Scanners like Trivy have been compromised - <a href="https://socket.dev/blog/trivy-under-attack-again-github-actions-compromise" rel="nofollow">https://socket.dev/blog/trivy-under-attack-again-github-acti...</a>
3. Redhat is shipping backdoored FOSS packages - <a href="https://access.redhat.com/security/vulnerabilities/RHSB-2026-006" rel="nofollow">https://access.redhat.com/security/vulnerabilities/RHSB-2026...</a>
4. Even fake and malicious ESLint packages have been published - <a href="https://gbhackers.com/eslint-package-attack/" rel="nofollow">https://gbhackers.com/eslint-package-attack/</a></p>
]]></description><pubDate>Mon, 13 Jul 2026 05:16:05 +0000</pubDate><link>https://news.ycombinator.com/item?id=48888199</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48888199</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48888199</guid></item><item><title><![CDATA[New comment by ashishb in "What xAI's Grok Build CLI Actually Sends to xAI"]]></title><description><![CDATA[
<p>> But in this particular case isn't the problem that it's sending everything in the sandbox?<p>If a CLI is touching certain files, they are likely to be leaked one way or the other.<p>Why not reduce the attack surface?<p>When does someone visit your house? Do they get unfettered access to your bedroom & safe as well?</p>
]]></description><pubDate>Sun, 12 Jul 2026 06:02:12 +0000</pubDate><link>https://news.ycombinator.com/item?id=48878738</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48878738</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48878738</guid></item><item><title><![CDATA[New comment by ashishb in "What xAI's Grok build CLI sends to xAI: A wire-level analysis"]]></title><description><![CDATA[
<p>And I run most of them inside sandbox now.<p>Why would you let a markdown linter access your ssh keys?</p>
]]></description><pubDate>Sun, 12 Jul 2026 04:48:17 +0000</pubDate><link>https://news.ycombinator.com/item?id=48878350</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48878350</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48878350</guid></item><item><title><![CDATA[New comment by ashishb in "What xAI's Grok build CLI sends to xAI: A wire-level analysis"]]></title><description><![CDATA[
<p>There is a reason I run all such CLIs inside a sandbox [1] giving limited directory access.<p>Imagine if the CLI pulled your SSH keys or other sensitive information by mistake?<p>Programmers do make such mistakes all the time.
I don't want to count on whether "uploading all files it can access" is intentional or a mistake.<p>1 - <a href="https://github.com/ashishb/amazing-sandbox" rel="nofollow">https://github.com/ashishb/amazing-sandbox</a></p>
]]></description><pubDate>Sun, 12 Jul 2026 03:28:49 +0000</pubDate><link>https://news.ycombinator.com/item?id=48878016</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48878016</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48878016</guid></item><item><title><![CDATA[EMF and Kids]]></title><description><![CDATA[
<p>Article URL: <a href="https://ashishb.net/parenting/emf/">https://ashishb.net/parenting/emf/</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=48799732">https://news.ycombinator.com/item?id=48799732</a></p>
<p>Points: 2</p>
<p># Comments: 0</p>
]]></description><pubDate>Mon, 06 Jul 2026 01:24:23 +0000</pubDate><link>https://ashishb.net/parenting/emf/</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48799732</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48799732</guid></item><item><title><![CDATA[New comment by ashishb in "Half-Baked Product"]]></title><description><![CDATA[
<p>Listen to any on the Elon Musk interviews, he knows more technical intricacies of his 1000+ employee companies than your average startup founder with 10 employees.</p>
]]></description><pubDate>Fri, 03 Jul 2026 18:43:59 +0000</pubDate><link>https://news.ycombinator.com/item?id=48778443</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48778443</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48778443</guid></item><item><title><![CDATA[New comment by ashishb in "Microsoft's open source tools were hacked to steal passwords of AI developers"]]></title><description><![CDATA[
<p>> 1. Docker (or any Linux container runtime, for that matter) is not intended for, designed for, or effective as a security boundary.<p>This has been discussed in detail earlier - <a href="https://news.ycombinator.com/item?id=47612726">https://news.ycombinator.com/item?id=47612726</a><p>Further, on Mac OS, you can use `--mode=native` for Mac's native sandboxing (seatbelt).<p>> 2. Root containers run as root on the host. The "sandboxed" processes have full capabilities, as far as the kernel is concerned with them.<p>That's not always the case.
You can run rootless containers or you can use containerization like Podman which does not run as root.</p>
]]></description><pubDate>Tue, 16 Jun 2026 03:35:03 +0000</pubDate><link>https://news.ycombinator.com/item?id=48550256</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48550256</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48550256</guid></item><item><title><![CDATA[New comment by ashishb in "Microsoft turns to AWS as GitHub faces AI capacity crunch"]]></title><description><![CDATA[
<p>I wonder what percentage of pull requests are cascading updates caused by dependabot and multiple code review bots reviewing those PRs.<p>My belief is it is likely 1% or more. And likely coming in as an avalanche.</p>
]]></description><pubDate>Tue, 16 Jun 2026 03:02:55 +0000</pubDate><link>https://news.ycombinator.com/item?id=48550042</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48550042</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48550042</guid></item><item><title><![CDATA[New comment by ashishb in "Microsoft's open source tools were hacked to steal passwords of AI developers"]]></title><description><![CDATA[
<p>Right now, not.
Eventually, they will.<p>You can pass your favorite rootless Docker image using `--custom-docker-image` CLI parameter.</p>
]]></description><pubDate>Tue, 09 Jun 2026 15:28:35 +0000</pubDate><link>https://news.ycombinator.com/item?id=48462405</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48462405</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48462405</guid></item><item><title><![CDATA[New comment by ashishb in "Microsoft's open source tools were hacked to steal passwords of AI developers"]]></title><description><![CDATA[
<p>>  I should be able to install this module in such a way where file operations and process operations are not available to it.<p>That's the definition of a sandbox, isn't it?</p>
]]></description><pubDate>Tue, 09 Jun 2026 14:50:55 +0000</pubDate><link>https://news.ycombinator.com/item?id=48461919</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48461919</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48461919</guid></item><item><title><![CDATA[New comment by ashishb in "Microsoft's open source tools were hacked to steal passwords of AI developers"]]></title><description><![CDATA[
<p>> The ability for npm to run scripts on any level should be removed.<p>Even Python has that ability now.
Also, `npm run dev` is running the script with full disk access.<p>Heck, Vscode/Cursor will auto-execute code if you open a project. And this has been actively used in the wild <a href="https://ashishb.net/security/contagious-interview/" rel="nofollow">https://ashishb.net/security/contagious-interview/</a></p>
]]></description><pubDate>Tue, 09 Jun 2026 14:49:34 +0000</pubDate><link>https://news.ycombinator.com/item?id=48461899</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48461899</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48461899</guid></item><item><title><![CDATA[New comment by ashishb in "Microsoft's open source tools were hacked to steal passwords of AI developers"]]></title><description><![CDATA[
<p>That's exactly what I started with. 
It gets unwieldy quickly enough as you need to mount a lot of directories that these you uses as cache.<p>So, amazing-sandbox at its core is nothing but a glorified docker command generator (in default mode).</p>
]]></description><pubDate>Tue, 09 Jun 2026 14:46:46 +0000</pubDate><link>https://news.ycombinator.com/item?id=48461865</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48461865</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48461865</guid></item><item><title><![CDATA[New comment by ashishb in "Microsoft's open source tools were hacked to steal passwords of AI developers"]]></title><description><![CDATA[
<p>I have some ideas around it. 
And indeed that's one likely direction of this project in the future.</p>
]]></description><pubDate>Tue, 09 Jun 2026 14:44:31 +0000</pubDate><link>https://news.ycombinator.com/item?id=48461833</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48461833</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48461833</guid></item><item><title><![CDATA[New comment by ashishb in "Microsoft's open source tools were hacked to steal passwords of AI developers"]]></title><description><![CDATA[
<p>This has been responded to in the past by another HN poster: <a href="https://news.ycombinator.com/item?id=47612726">https://news.ycombinator.com/item?id=47612726</a><p>Furthermore, you can use native sandboxing on macOS if you prefer.<p>If neither looks serious to you, then please educate me on a better sandboxing approach.</p>
]]></description><pubDate>Tue, 09 Jun 2026 14:42:24 +0000</pubDate><link>https://news.ycombinator.com/item?id=48461811</link><dc:creator>ashishb</dc:creator><comments>https://news.ycombinator.com/item?id=48461811</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48461811</guid></item></channel></rss>